Function get_zeroed_page() returns a NULL pointer if there is not enough memory. The function xenstored_local_init() defined in file drivers/xen/xenbus/xenbus_probe.c should return a non-zero value if there is an error. However, when the call to get_zeroed_page() (at line 710) returns a NULL pointer, the return variable err still takes the value 0, which may mislead the caller of xenstored_local_init(). Maybe it is better to assign "-ENOMEM" to err when get_zeroed_page() returns a NULL pointer. Code related to this bug is summarised as follows.

xenstored_local_init @@ drivers/xen/xenbus/xenbus_probe.c

703 static int __init xenstored_local_init(void)
704 {
705 	int err = 0;
706 	unsigned long page = 0;
707 	struct evtchn_alloc_unbound alloc_unbound;
708 
709 	/* Allocate Xenstore page */
710 	page = get_zeroed_page(GFP_KERNEL);
711 	if (!page)
712 		goto out_err; // insert "err = -ENOMEM;" before this jump instruction?
713 
714 	xen_store_gfn = xen_start_info->store_mfn = virt_to_gfn((void *)page);
715 
716 	/* Next allocate a local port which xenstored can bind to */
717 	alloc_unbound.dom = DOMID_SELF;
718 	alloc_unbound.remote_dom = DOMID_SELF;
719 
720 	err = HYPERVISOR_event_channel_op(EVTCHNOP_alloc_unbound,
721 					  &alloc_unbound);
722 	if (err == -ENOSYS)
723 		goto out_err;
724 
725 	BUG_ON(err);
726 	xen_store_evtchn = xen_start_info->store_evtchn =
727 		alloc_unbound.port;
728 
729 	return 0;
730 
731 out_err:
732 	if (page != 0)
733 		free_page(page);
734 	return err;
735 }

Thanks very much!
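The failure mode described in the report, as an added userspace model that is not part of the bug report or of the kernel's code: the reported function shape is reproduced beside the version with the proposed "err = -ENOMEM" assignment, with the kernel pieces (get_zeroed_page(), free_page(), virt_to_gfn(), xen_start_info and the EVTCHNOP_alloc_unbound hypercall) replaced by hypothetical fake_* stand-ins that let the allocation failure be forced deterministically. All fake_* names and the fixed port number 7 are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel state the function touches
 * (hypothetical names; not the kernel's own definitions). */
struct fake_start_info {
    unsigned long store_mfn;
    unsigned long store_evtchn;
};
static struct fake_start_info fake_start_info;
static unsigned long fake_store_gfn;
static unsigned long fake_store_evtchn;

static int fail_next_alloc;            /* knob: force the next allocation to fail */
static unsigned long allocated_page;   /* remembered so the model can free it */

/* Models get_zeroed_page(): returns 0 (NULL) when the failure knob is set. */
static unsigned long fake_get_zeroed_page(void)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return 0;
    }
    allocated_page = (unsigned long)calloc(1, 4096);
    return allocated_page;
}

static void fake_free_page(unsigned long page)
{
    free((void *)page);
    if (page == allocated_page)
        allocated_page = 0;
}

/* Models the EVTCHNOP_alloc_unbound hypercall succeeding with port 7. */
static int fake_alloc_unbound(unsigned int *port)
{
    *port = 7;
    return 0;
}

/* Shape of the reported code: err is still 0 when the page allocation fails,
 * so the caller is told the init succeeded although no page was set up. */
static int local_init_buggy(void)
{
    int err = 0;
    unsigned long page = 0;
    unsigned int port;

    page = fake_get_zeroed_page();
    if (!page)
        goto out_err;                  /* err == 0 here: caller sees "success" */

    fake_store_gfn = fake_start_info.store_mfn = page >> 12;  /* virt_to_gfn stand-in */

    err = fake_alloc_unbound(&port);
    if (err)
        goto out_err;

    fake_store_evtchn = fake_start_info.store_evtchn = port;
    return 0;

out_err:
    if (page != 0)
        fake_free_page(page);
    return err;
}

/* Same function with the proposed fix: the allocation failure is reported. */
static int local_init_fixed(void)
{
    int err = 0;
    unsigned long page = 0;
    unsigned int port;

    page = fake_get_zeroed_page();
    if (!page) {
        err = -ENOMEM;                 /* the missing assignment */
        goto out_err;
    }

    fake_store_gfn = fake_start_info.store_mfn = page >> 12;

    err = fake_alloc_unbound(&port);
    if (err)
        goto out_err;

    fake_store_evtchn = fake_start_info.store_evtchn = port;
    return 0;

out_err:
    if (page != 0)
        fake_free_page(page);
    return err;
}

/* Driver: reset the model state, optionally force the allocation failure,
 * run the init function, release the page and return what a caller sees. */
static int run_init(int (*init)(void), int force_oom)
{
    int err;

    fake_store_gfn = fake_store_evtchn = 0;
    fake_start_info.store_mfn = fake_start_info.store_evtchn = 0;
    fail_next_alloc = force_oom;
    err = init();
    if (allocated_page)
        fake_free_page(allocated_page);
    return err;
}

int main(void)
{
    printf("buggy, OOM forced: err=%d (gfn=%lu)\n",
           run_init(local_init_buggy, 1), fake_store_gfn);
    printf("fixed, OOM forced: err=%d\n", run_init(local_init_fixed, 1));
    printf("fixed, no OOM:     err=%d (evtchn=%lu)\n",
           run_init(local_init_fixed, 0), fake_store_evtchn);
    return 0;
}
```

With the allocation forced to fail, the buggy version returns 0 while fake_store_gfn is still 0, which is exactly the misleading state the report describes; the fixed version returns -ENOMEM so the caller can abort.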
Created attachment 256411
The patch fixes the bug

The patch has been merged into the latest version of the Linux kernel. So I will close the bug.